This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Java Security Frameworks"
From OWASP
m (→Cross Site Scripting (XSS)) |
m (→Access Control (Authentication and Authorisation)) |
||
| Line 5: | Line 5: | ||
* [http://www.hdiv.org/ HDIV] A web application security framework that provides a number of functions. | * [http://www.hdiv.org/ HDIV] A web application security framework that provides a number of functions. | ||
| − | == Access Control (Authentication and | + | == Access Control (Authentication and Authorization) == |
* [http://sourceforge.net/projects/jguard jGuard] - jGuard is written in Java. Its goal is to provide a security framework based on JAAS (Java Authentication and Authorization Security). The framework is written for web and standalone applications, to easily provide solutions for access control problems. | * [http://sourceforge.net/projects/jguard jGuard] - jGuard is written in Java. Its goal is to provide a security framework based on JAAS (Java Authentication and Authorization Security). The framework is written for web and standalone applications, to easily provide solutions for access control problems. | ||
Revision as of 00:10, 3 September 2014
A list of third party (i.e. not part of Java SE or EE) security frameworks. This page contains a list of Java security libraries and frameworks and indicates which security features each library supports.
Enterprise
- OWASP Enterprise Security API a new OWASP project to provide all essential security services under one roof.
- HDIV A web application security framework that provides a number of functions.
Access Control (Authentication and Authorization)
- jGuard - jGuard is written in Java. Its goal is to provide a security framework based on JAAS (Java Authentication and Authorization Security). The framework is written for web and standalone applications, to easily provide solutions for access control problems.
Encryption
- Bouncycastle - Lightweight Java cryptography APIs
- Jasypt - Jasypt is a java library which allows the developer to add basic encryption capabilities to his/her projects with minimum effort, and without the need of having deep knowledge on how cryptography works.
Cross Site Scripting (XSS)
- OWASP Java Encoder Project is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies to help Java web developers defend against Cross Site Scripting.
- OWASP Java HTML Sanitizer Project is a fast and easy to configure HTML Sanitizer written in Java which lets you include HTML authored by third-parties in your web application while protecting against XSS.
- OWASP Java JSON Sanitizer is a tool to convert JSON-like content to valid JSON! The OWASP JSON Sanitizer Project is a simple to use Java library that can be attached at either end of a data-pipeline
Additional Java Security Libraries
| Name and link |
Updated |
AU |
AC |
CF |
CR |
IV |
OE |
SM |
XM |
XS |
|---|---|---|---|---|---|---|---|---|---|---|
| AntiSami |
2011 |
|
|
|
|
Y |
Y |
|
|
|
| Apache Santuarrio |
2011 |
|
|
|
|
|
|
|
Y |
|
| Apache Shiro |
2011 |
Y |
Y |
? |
Y |
? |
Y |
Y |
? |
Y |
| Bouncy Castle |
2011 |
|
|
|
Y |
|
|
|
|
|
| CSRFGuard |
? |
|
|
Y |
Y |
|
|
|
|
|
| ESAPI |
2010 |
Y |
Y |
? |
Y |
Y |
Y |
? |
|
Y |
| Jasypt |
2010 |
|
|
|
Y |
|
|
|
|
|
| iGuard |
2011 |
Y |
Y |
|
|
|
|
|
|
|
| Vlad |
? |
|
|
|
|
Y |
|
|
|
|
Security Features Key
- AU Authentication
- AC Authorization / Access Control
- CF Anti CSRF
- CR Cryptography
- IV Input Validation
- OE Output encoding
- SM Session management
- XM XML security
- XS XSS protection
